The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems ...
Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...
CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...
Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
A critical pre-authentication SQL injection vulnerability in BerriAI’s LiteLLM Python package came under active exploitation ...
3don MSN
Top open source PyPI package with over 1 million downloads each month hacked to send out malware
This was not a case of stolen credentials, but rather of vulnerability exploitation.
The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results